root@ecsweb:~# cat /etc/haproxy/haproxy.cfg
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
stats timeout 30s
user haproxy
group haproxy
daemon
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
# Default ciphers to use on SSL-enabled listening sockets.
# For more information, see ciphers(1SSL). This list is from:
-
# An alternative list with additional directives can be obtained from
-
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
ssl-default-bind-options no-sslv3
defaults
log global
mode http
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
# If it detects a LetsEncrypt request, is uses the LE backend
frontend ft_http
bind :80
mode http
default_backend bk_http
frontend ft_https
bind :443
mode tcp
default_backend bk_https
# This is our new config that listens on port 443 for SSL connections
# bind *:443 ssl crt /etc/ssl/ecsweb.bdcom.com.bd/ecsweb.bdcom.com.bd.pem
# Redirect if HTTPS is *not* used
redirect scheme https code 301 if !{ ssl_fc }
# Test
URI to see if its a letsencrypt request
# acl letsencrypt-acl path_beg /.well-known/acme-challenge/
# use_backend letsencrypt-backend if letsencrypt-acl
## default_backend be-scalinglaravel
##backend be-scalinglaravel
## balance roundrobin
option forwardfor
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
backend bk_http
mode http
balance roundrobin
#stick on src table bk_https
default-server inter 1s
server ecs.gov.bd ecs.gov.bd:80 check id 1
server ecs.bdcom.com.bd ecs.bdcom.com.bd:80 check id 2
#server ecsww.bdcom.com.bd ecsww.bdcom.com.bd:80 check id 3
#server dns2.bdcom.com dns2.bdcom.com:80 check id 3
backend bk_https
mode tcp
balance roundrobin
stick-table type ip size 200k expire 30m
stick on src
default-server inter 1s
# server ecsweb.bdcom.com.bd ecsweb.bdcom.com.bd:443 check ssl verify none
#server prohostnms.bdcom.net prohostnms.bdcom.net:443 check ssl verify none
# for 8181 haproxy panel
listen stats
bind *:8181
stats enable
stats uri /
stats realm Haproxy\ Statistics
stats auth admin:bdc0m987
#backend letsencrypt-backend
# server letsencrypt 127.0.0.1:8888